Network Security slides are modified from Dave Hollinger.

1 Network Security slides are modified from Dave Hollinger

2 CPE 401/601 Lecture 17: Network Security
by Peter Steiner, New York, July 5, 1993

3 Early Hacking – Phreaking
- In 1957, a blind seven-year-old, Joe Engressia Joybubbles, discovered a whistling tone that resets trunk lines
  - Blow into receiver – free phone calls
- Cap’n Crunch cereal prize
- Giveaway whistle produces 2600 MHz tone

4 The Seventies
- John Draper
  - a.k.a. Captain Crunch
  - “If I do what I do, it is only to explore a system”
- In 1971, built Bluebox
- Pranksters, free calls
  - Mark Bernay and Al Bernay
  - Steve Jobs and Steve Wozniak

5 The Eighties
- Robert Morris worm - 1988
  - Developed to measure the size of the Internet
    - However, a computer could be infected multiple times
  - Brought down a large fraction of the Internet
    - ~ 6K computers
  - Academic interest in network security

6 The Nineties
- Kevin Mitnick
  - First hacker on FBI’s Most Wanted list
  - Hacked into many networks including FBI
  - Stole intellectual property including 20K credit card numbers
  - In 1995, caught 2nd time
    - served five years in prison

7 Code-Red Worm
- On July 19, 2001, more than 359,000 computers connected to the Internet were infected in less than 14 hours
- Spread

8 Sapphire Worm
- was the fastest computer worm in history
  - doubled in size every 8.5 seconds
  - infected more than 90 percent of vulnerable hosts within 10 minutes.

9 DoS attack on SCO
- On Dec 11, 2003
  - Attack on web and FTP servers of SCO
    - a software company focusing on UNIX systems
  - SYN flood of 50K packets per second
  - SCO responded to more than 700 million attack packets over 32 hours

10 Witty Worm
- 25 March 2004
  - reached its peak activity after approximately 45 minutes
  - at which point the majority of vulnerable hosts had been infected
- World
- USA

11 Nyxem Email Virus
- Jan 15, 2006: infected about 1M computers within two weeks
  - At least 45K of the infected computers were also compromised by other forms of spyware or botware
- Spread

13 Security Trends
www.cert.org (Computer Emergency Readiness Team)

14 Top Security Threats
Computing Technology Industry Association, 2009 survey

15 Changes on the technology landscape affecting security

16 Concern for Security
- Explosive growth of desktops started in ’80s
  - No emphasis on security
    - Who wants military security, I just want to run my spreadsheet!
- Internet was originally designed for a group of mutually trusting users
  - By definition, no need for security
  - Users can send a packet to any other user
  - Identity (source IP address) taken by default to be true
- Explosive growth of Internet in mid ’90s
  - Security was not a priority until recently
    - Only a research network, who will attack it?

18 Friends and enemies: Alice, Bob, Trudy
- well-known in network security world
- Bob, Alice want to communicate “securely”
- Trudy (intruder) may intercept, delete, add messages
[Figure: Alice, Bob, Trudy; secure sender, secure receiver, channel, data and control messages]

19 Who might Bob, Alice be?
- … well, real-life Bobs and Alices!
- Web browser/server for electronic transactions (e.g., on-line purchases)
- on-line banking client/server
- DNS servers
- routers exchanging routing table updates
- other examples?

20 There are bad guys (and girls) out there!
Q: What can a “bad guy” do?
A: A lot!
  - eavesdrop: intercept messages
  - actively insert messages into connection
  - impersonation: can fake (spoof) source address in packet (or any field in packet)
  - hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
  - denial of service: prevent service from being used by others (e.g., by overloading resources)

21 Alice’s Online Bank
- Alice opens Alice’s Online Bank (AOB)
- What are Alice’s security concerns?
- If Bob is a customer of AOB, what are his security concerns?
- How are Alice’s and Bob’s concerns similar? How are they different?
- How does Trudy view the situation?

22 Alice’s Online Bank
- AOB must prevent Trudy from learning Bob’s balance
  → Confidentiality (prevent unauthorized reading of information)
- Trudy must not be able to change Bob’s balance
- Bob must not be able to improperly change his own account balance
  → Integrity (prevent unauthorized writing of information)
- AOB’s info must be available when needed
  → Availability (data is available in a timely manner when needed)

23 Alice’s Online Bank
- How does Bob’s computer know that “Bob” is really Bob and not Trudy?
- When Bob logs into AOB, how does AOB know that “Bob” is really Bob?
  → Authentication (assurance that other party is the claimed one)
- Bob can’t view someone else’s account info
- Bob can’t install new software, etc.
  → Authorization (allowing access only to permitted resources)

24 Think Like Trudy
- Good guys must think like bad guys!
- A police detective
  - Must study and understand criminals
- In network security
  - We must try to think like Trudy
  - We must study Trudy’s methods
  - We can admire Trudy’s cleverness
  - Often, we can’t help but laugh at Alice and Bob’s carelessness
  - But, we cannot act like Trudy

25 Aspects of Security
- Security Services
  - Enhance the security of data processing systems and information transfers of an organization.
  - Counter security attacks.
- Security Attack
  - Action that compromises the security of information owned by an organization.
- Security Mechanisms
  - Designed to prevent, detect or recover from a security attack.

26 Security Services
- Enhance security of data processing systems and information transfers
- Authentication
  - Assurance that the communicating entity is the one claimed
- Authorization
  - Prevention of the unauthorized use of a resource
- Availability
  - Data is available in a timely manner when needed

27 Security Services
- Confidentiality
  - Protection of data from unauthorized disclosure
- Integrity
  - Assurance that data received is as sent by an authorized entity
- Non-Repudiation
  - Protection against denial by one of the parties in a communication

28 Security Attacks
[Figure: Normal Flow; information source, information destination]

29 Security Attacks
- Interruption
  - Attack on availability (ability to use desired information or resources)
[Figure: information source, information destination]

30 Denial of Service
[Figure: Smurf Attack; perpetrator, Internet, innocent reflector sites, victim]
- ICMP echo (spoofed source address of victim) sent to IP broadcast address
- ICMP echo reply
- ICMP = Internet Control Message Protocol
- 1 SYN, 10,000 SYN/ACKs – Victim is dead
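
Added example (not part of the original slides): detection logic for the Smurf pattern on slide 30, run over constructed packet records. The record layout, the protected subnet, the threshold and both function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records: (src, dst, icmp_type); 8 = echo request, 0 = echo reply.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed protected subnet
PACKETS = [
    ("198.51.100.7", "192.0.2.255", 8),  # echo request to the directed broadcast address
    ("192.0.2.10", "198.51.100.7", 0),   # every host on the subnet answers the
    ("192.0.2.11", "198.51.100.7", 0),   # address named in the source field
    ("192.0.2.12", "198.51.100.7", 0),
    ("192.0.2.10", "192.0.2.20", 8),     # ordinary ping inside the subnet
    ("192.0.2.20", "192.0.2.10", 0),     # and its solicited reply
]

def broadcast_echo_requests(packets, nets):
    """Reflector-side sign: echo requests addressed to a subnet broadcast address."""
    bcasts = {n.broadcast_address for n in nets}
    return [(s, d) for s, d, t in packets
            if t == 8 and ipaddress.ip_address(d) in bcasts]

def unsolicited_replies(packets, threshold=3):
    """Victim-side sign: hosts receiving replies from >= threshold sources they never pinged."""
    asked = set()                   # (requester, target) pairs seen as echo requests
    unsolicited = defaultdict(set)  # receiver -> distinct sources of unrequested replies
    for s, d, t in packets:
        if t == 8:
            asked.add((s, d))
        elif t == 0 and (d, s) not in asked:
            unsolicited[d].add(s)
    return {v: sorted(srcs) for v, srcs in unsolicited.items()
            if len(srcs) >= threshold}

if __name__ == "__main__":
    print(broadcast_echo_requests(PACKETS, LOCAL_NETS))
    print(unsolicited_replies(PACKETS))
```

The first check corresponds to what a router enforces when it refuses to forward directed broadcasts; the second is what the victim's monitoring can see even when the reflector network is outside its control.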

31 Security Attacks
- Interception
  - Attack on confidentiality (concealment of information)
[Figure: information source, information destination]

32 Packet Sniffing
[Figure: client, server, packet sniffer]
- Network Interface Card allows only packets for this MAC address
- Every network interface card has a unique 48-bit Media Access Control (MAC) address, e.g. 00:0D:84:F6:3A:10
  - 24 bits assigned by IEEE; 24 by card vendor
- Packet sniffer sets his card to promiscuous mode to allow all packets

33 Security Attacks
- Fabrication
  - Attack on authenticity (identification and assurance of origin of information)
[Figure: information source, information destination]

34 IP Address Spoofing
- IP addresses are filled in by the originating host
- Using source address for authentication
  - r-utilities (rlogin, rsh, rhosts etc.)
- Can A claim it is B to the server S?
  - ARP Spoofing
- Can C claim it is B to the server S?
  - Source Routing
[Figure: C (2.1.1.1) on the Internet; A and B (1.1.1.1, 1.1.1.2) and server S (1.1.1.3)]

35 Security Attacks
- Modification
  - Attack on integrity (prevention of unauthorized changes)
[Figure: information source, information destination]

36 TCP Session Hijack
- When is a TCP packet valid?
  - Address / Port / Sequence Number in window
- How to get sequence number?
  - Sniff traffic
  - Guess it
    - Many earlier systems had predictable Initial Sequence Number
- Inject arbitrary data to the connection
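
Added example (not part of the original slides): the receiver's "sequence number in window" test from slide 36 with 32-bit wrap-around, and a predictable ISN generator beside a keyed one in the style of RFC 6528. All function names are hypothetical, the fixed step of 64000 is a simplified model of the early counter-based schemes, and HMAC-SHA256 is used here in place of the hash function the RFC suggests.

```python
import hashlib
import hmac
import os
import time

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq falls in [rcv_nxt, rcv_nxt + rcv_wnd) modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd

def blind_guess_odds(rcv_wnd):
    """Chance that one uniformly random sequence number lands in the window."""
    return rcv_wnd / MOD

def predictable_isn(counter, step=64000):
    """Weak form (simplified model): a global counter bumped by a fixed step
    per connection, so one observed ISN reveals the next one."""
    return (counter * step) % MOD

SECRET = os.urandom(16)  # assumed per-boot secret, never sent on the wire

def keyed_isn(src, sport, dst, dport, secret=SECRET, now=None):
    """Hardened form: 4-microsecond clock plus a keyed hash of the 4-tuple,
    so ISNs seen on one connection say nothing about another connection."""
    clock = int((time.time() if now is None else now) * 250000) % MOD
    four_tuple = f"{src}:{sport}>{dst}:{dport}".encode()
    digest = hmac.new(secret, four_tuple, hashlib.sha256).digest()
    return (clock + int.from_bytes(digest[:4], "big")) % MOD

if __name__ == "__main__":
    print(in_window(5, MOD - 10, 100))           # window that straddles the wrap
    print(blind_guess_odds(65535))               # odds against an unpredictable ISN
    print(predictable_isn(8) - predictable_isn(7))
    print(keyed_isn("1.1.1.2", 1023, "1.1.1.3", 513))
```

With an unpredictable ISN the validity check only protects against an off-path party; anyone who can sniff the traffic reads the sequence number directly, which is why the check is not a substitute for authenticating the data itself.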

37 Security Attacks
- Passive attacks: eavesdropping, monitoring transmissions
  - Message interception
  - Traffic analysis
- Active attacks: some modification of the data stream
  - Masquerade
  - Denial of service
  - Replay
  - Modification of message contents

38 Model for Network Security

39 Security Mechanism
- Feature designed to
  - Prevent attackers from violating security policy
  - Detect attackers’ violation of security policy
  - Recover, continue to function correctly even if attack succeeds.
- No single mechanism that will support all services
  - Authentication, authorization, availability, confidentiality, integrity, non-repudiation

40 What is network security about?
- It is about secure communication
  - Everything is connected by the Internet
- There are eavesdroppers that can listen on the communication channels
- Information is forwarded through packet switches which can be reprogrammed to listen to or modify data in transit
- Tradeoff between security and performance